summaryrefslogtreecommitdiff
path: root/content/entry/exposing-zoom.md
diff options
context:
space:
mode:
Diffstat (limited to 'content/entry/exposing-zoom.md')
-rw-r--r--content/entry/exposing-zoom.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/content/entry/exposing-zoom.md b/content/entry/exposing-zoom.md
index a6d8396..bc99226 100644
--- a/content/entry/exposing-zoom.md
+++ b/content/entry/exposing-zoom.md
@@ -72,7 +72,7 @@ The Facebook SDK isn't an isolated case either. Zoom didn't start caring about u
Another absolutely disgusting thing is that Zoom lied to customers again about not selling their data: "...we do not sell our users’ data, we have never sold user data in the past, and have no intention of selling users’ data going forward" Eric S. Yuan. (2020, April 1). Retrieved May 24, 2020 from Zoom, Zoom blog, [https://web.archive.org/web/20200523154804if_/https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/](https://web.archive.org/web/20200523154804if_/https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/). They did permanently removed the attention tracking feature which never should have existed to begin with. There is no mention of removing Google Analytics though.
## 90-Day Plan
-To play devil's advocate, I can go through [Zoom's 90-day plan](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) focusing all their resources on security and privacy to fix their platform. A few things they have done so far: only the host can screen share by default, participants need consent to be unmuted, audio indication for the waiting rooms, removing Giphy, and giving the host more control over the meeting. They also published a [draft crypto design](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) to redo their cryptography. It is apparently available for [peer review on Github](https://github.com/zoom/zoom-e2e-whitepaper/blob/master/zoom_e2e.pdf). It's still early to see where all this goes. But given that Zoom hasn't ever owned up to selling user data in exchange for service, I don't have my hopes high.
+To play devil's advocate, I can go through [Zoom's 90-day plan](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) focusing all their resources on security and privacy to fix their platform. A few things they have done so far: only the host can screen share by default, participants need consent to be unmuted, audio indication for the waiting rooms, removing Giphy, and giving the host more control over the meeting. They also published a [draft crypto design](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) to redo their cryptography. It is apparently available for [peer review on GitHub](https://github.com/zoom/zoom-e2e-whitepaper/blob/master/zoom_e2e.pdf). It's still early to see where all this goes. But given that Zoom hasn't ever owned up to selling user data in exchange for service, I don't have my hopes high.
# Use Jitsi Instead
Zoom is a [proprietary](https://www.gnu.org/proprietary/) platform. This means it is essentially a black box. As I mentioned earlier, this means it will always be less trustworthy than free software video conferencing solutions such as [Jitsi](https://jitsi.org/security/). [The Tor Project](https://x.com/torproject/status/1244986986278072322) recommended using Jitsi instead of Zoom. I haven't done much research on Jitsi yet, but if the Tor Project is saying to try Jitsi, I would use it over Zoom any day. It's also cross-platform and features actual end-to-end encryption. Even if Zoom implements end-to-end encryption, how can you trust it if it can't be independently reviewed by anyone and no one outside of Zoom can see the source code? How can you trust the implementation on desktop or mobile platforms? In short, you can't. No platform is perfect, however there are more secure and less secure solutions out there. And in general, you want to avoid proprietary programs because they cause the incentives to be aligned in such a way that Zoom will always have reasons to insert privacy-corroding features into their platform.